Security Implications of DDR5 Standard PRAC Mechanism

Security Implications of DDR5 Standard PRAC Mechanism
Slide Note
Embed
Share

"Analysis of security and performance impact of DDR5 standard's Per-Row Activation Counting (PRAC) mechanism, showing it provides security against bitflips (under 10 activations) but incurs significant performance and energy overheads. PRAC allows memory performance attacks to exploit DRAM throughput."

  • Security Analysis
  • DDR5 Standard
  • Performance Evaluation
  • Memory Attacks
  • DRAM Technology
kars146
kars146 Follow

Uploaded on Mar 09, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Understanding the Security Benefits and Overheads of Emerging Industry Solutions to DRAM Read Disturbance O uzhan Canpolat Giray Ya l k Geraldo Oliveira Ataberk Olgun O uz Ergin Onur Mutlu

  2. Executive Summary Problem: DRAM continues to become more vulnerable to read disturbance Latest update (April 2024) to DDR5 standard introduces Per Row Activation Counting (PRAC) to mitigate read disturbance No prior work investigates PRAC ssecurity and performance Goal: Rigorously analyze and characterize the security and performance implications of the DDR5 standard PRAC mechanism Mathematical analysis & extensive simulations show that PRAC: provides security as long as no bitflip occurs below 10 activations has non-negligible performance (10%) andenergy (18%) overheads poorly scales for future DRAM chips, leading to significant overheads on performance (49%)and energy (136%) allows memory performance attacks to hog significant amount of DRAM throughput (up to 79% throughput loss) https://github.com/CMU-SAFARI/ramulator2 2

  3. Outline Background Industry Solutions to Read Disturbance Security Analysis Performance and Energy Evaluation Memory Performance Attacks Conclusion 3

  4. DRAM Organization DRAM Chips DRAM Channel DRAM Module 4

  5. DRAM Organization DRAM Cell Bitline DRAM Array Wordline Bank S S S S Sense amplifiers (row buffer) Off-chip channel 5

  6. DRAM Operations 1 ACTIVATE: Fetch the row into the row buffer 1 1 1 1 2 READ/WRITE: Retrieve or update data 3 PRECHARGE: Prepare the array for a new ACTIVATE to I/O ACTIVATION and PRECHARGE are time-consuming operations 6

  7. DRAM Access Latency ACTIVATE PRECHARGE Command Data Duration Next ACT row-cycle time (tRC) 7

  8. RowHammer: A Prime Example of Read Disturbance DRAM Subarray Victim Row Row 0 Row 0 Row 1 Row 1 Row 1 Victim Row open closed open open closed Row 2 Row 2 Row 2 Row 2 Row 2 Row 2 Aggressor Row Row 3 Row 3 Row 3 Victim Row Row 4 Row 4 Victim Row Repeatedly opening (activating) and closing (precharging) a DRAM row causes read disturbance bitflips in nearby cells 8 [Kim+ ISCA 20]

  9. Read Disturbance Vulnerabilities (I) DRAM Subarray Victim Row Row 0 Row 0 Row 1 Row 1 Row 1 Victim Row open closed open open Row 2 Row 2 Row 2 Row 2 Row 2 Aggressor Row Row 3 Row 3 Row 3 Victim Row Row 4 Row 4 Victim Row The minimum number of activations that causes a bitflip is called the RowHammer threshold (NRH) 9 [Kim+ ISCA 20]

  10. Read Disturbance Vulnerabilities (II) DRAM chips are more vulnerable to read disturbance today Read disturbance bitflips occur at much lower activation counts (more than two orders of magnitude decrease in less than a decade): <1K (RowPress) [Luo+, ISCA 23] 139K 9.6K [Kim+, ISCA 14] [Kim+, ISCA 20] It is critical to prevent read disturbance bitflips effectively and efficiently for highly vulnerable systems 10

  11. Existing RowHammer Mitigations (I): Preventive Refresh DRAM Subarray Victim Row Row 0 Row 0 Row 0 Row 1 Row 1 Row 1 Row 1 Victim Row open closed open open Row 2 Row 2 Row 2 Row 2 Row 2 Row 2 Aggressor Row Aggressor Row Row 3 Row 3 Row 3 Row 3 Victim Row Row 4 Row 4 Row 4 Victim Row Refreshing potential victim rows mitigates RowHammer bitflips 11 [Kim+ ISCA 20]

  12. Existing RowHammer Mitigations (II): DRAM Aggressor Row Tracking or Estimation DRAM Subarray Victim Row Row 0 Row 0 Row 0 Row 1 Row 1 Row 1 Row 1 Victim Row open closed open open Row 2 Row 2 Row 2 Row 2 Row 2 Row 2 Aggressor Row Aggressor Row Row 3 Row 3 Row 3 Row 3 Victim Row Row 4 Row 4 Row 4 Victim Row Necessary to accurately track or estimate aggressor DRAM row activation counts to preventively refresh potential victim rows 12 [Kim+ ISCA 20]

  13. Outline Background Industry Solutions to Read Disturbance Security Analysis Performance and Energy Evaluation Memory Performance Attacks Conclusion 13

  14. Industry Solutions to Read Disturbance: When To Refresh? (I) Preventive refresh is a blocking operation ACT DRAM Channel DRAM Module Memory controller could cause faulty operation by accessing the memory module during refresh 14

  15. Industry Solutions to Read Disturbance: When To Refresh? (II) Earlier JEDEC DDR5 specifications introduce Refresh Management (RFM) commands RFM DRAM Channel DRAM Module Memory controller sends an RFM command to allow time for preventive refreshes 15

  16. Industry Solutions to Read Disturbance Periodic Refresh Management (PRFM) Periodic Refresh Management (PRFM) Memory controller periodically issues RFM commands Memory controller periodically issues RFM commands Per Row Activation Counting and Back-Off (PRAC) DRAM chip tracks row activations and requests RFMs by sending back-off signals 16

  17. Industry Solutions to Read Disturbance: Periodic Refresh Management (PRFM) ACT RFM Bank Activation Counters 0 0 1 2 3 0 0 0 0 PRFM tracks activations with low accuracy, RFM Threshold causing high number of preventive refreshes, leading to large performance and energy overheads ACT ACT ACT RFM DRAM Commands 17

  18. Industry Solutions to Read Disturbance Periodic Refresh Management (PRFM) Memory controller periodically issues RFM commands Per Row Activation Counting and Back-Off (PRAC) DRAM chip tracks row activations and requests RFMs by sending back-off DRAM chip tracks row activations and requests RFMs by sending back-off Per Row Activation Counting and Back-Off (PRAC) 18

  19. Industry Solutions to Read Disturbance: Per Row Activation Counting DRAM Rows Counters 0 0 101010101010101010101010 0 1 2 3 4 0 101010101010101010101010 0 101010101010101010101010 0 PRAC allows accurate tracking of aggressor row activations 19

  20. Industry Solutions to Read Disturbance: Per Row Activation Counting DRAM Timings DRAM Rows Counters 0 101010101010101010101010 0 101010101010101010101010 0 101010101010101010101010 0 101010101010101010101010 0 101010101010101010101010 Row counter updates are not completely parallelized with DRAM access PRACincreases row-cycle time (tRC) by ~10% row-cycle time (tRC) ACT ACT 20

  21. Industry Solutions to Read Disturbance: Per Row Activation Counting DRAM Timings Timing parameter changes for DDR5-3200AN speed bin [JEDEC JESD79-5C, April 2024] tRP tRAS tRTP tWR tRC : +21ns (+140%) (-50%) : -16ns (-33%) : -2.5ns (-66%) : -20ns (+10%) : +5ns 21

  22. Industry Solutions to Read Disturbance: Per Row Activation Counting (PRAC) Back-Off ACT RFM Row Counters 0 Back-Off Threshold 0 1 2 3 4 0 0 recovery (N RFMs) normal traffic (180 ns) PRAC-N ACT ACT ACT ACT RFM RFM DRAM Commands 22

  23. Outline Background Industry Solutions to Read Disturbance Security Analysis Performance and Energy Evaluation Memory Performance Attacks Conclusion 23

  24. Mathematical Security Analysis Methodology Wave attack [Ya l k +, 2021] :worst-case access pattern maximizes hammer count by using decoy rows on a system with PRFM on a system with PRAC Parameters: Starting row set size: # of rows that the wave attack hammers RFM threshold (PRFM) Back-Off threshold (PRAC) Result: Worst possible (highest) activation count that an attacker can achieve to a row 24

  25. Security Analysis: Secure PRFM Configurations Wave Attack Parameter Highest activation count an attacker can achieve Higher is worse Defense Parameter 25

  26. Security Analysis: Secure PRFM Configurations Wave Attack Parameter Highest activation count an attacker can achieve Unsafe RowHammer Threshold = 1024 Higher is worse Safe Defense Parameter 26

  27. Security Analysis: Secure PRFM Configurations Highest activation count an attacker can achieve Higher is worse 27

  28. Security Analysis: Secure PRFM Configurations Highest activation count an attacker can achieve Higher is worse PRFM must send RFM commands very frequently (every ~8 ACTs) to prevent bitflips at low RowHammer thresholds (below 128) 28

  29. Security Analysis: Secure PRAC Configurations Highest activation count an attacker can achieve Higher is worse Less frequent back-off signals 29

  30. Security Analysis: Secure PRAC Configurations Highest activation count an attacker can achieve Higher is worse Less frequent back-off signals PRAC is configurable for secure operation against RowHammer thresholds as low as 10 30

  31. Outline Background Industry Solutions to Read Disturbance Security Analysis Performance and Energy Evaluation Memory Performance Attacks Conclusion 31

  32. Evaluation Methodology Performance and energy consumption evaluation: cycle-level simulations using Ramulator 2.0 [Luo+, CAL 2023] and DRAMPower [Chandrasekar+, DATE 2013] System Configuration: Processor 4 cores, 4.2GHz clock frequency, 4-wide issue, 128-entry instruction window DRAM DDR5, 1 channel, 2 rank/channel, 8 bank groups, 4 banks/bank group, 64K rows/bank Memory Ctrl. 64-entry read and write requests queues, Scheduling policy: FR-FCFS with a column cap of 4 Last-Level Cache 8 MiB (4-core) Comparison Points: 3 state-of-the-art RowHammer mitigations Best-performing: Graphene [Park+ 2020] Lowest processor chip area: PARA [Kim+ 2014] Area-optimized best-performing: Hydra [Qureshi+ 2022] Workloads: 60 4-core workload mixes SPEC CPU2006, SPEC CPU2017, TPC, MediaBench, YCSB 32

  33. Performance Comparison: Industry Solutions 1 PRFM Memory controller periodically issues RFM 2 PRAC-N Memory controller issues N RFMs each with back-off 3 PRAC+PRFM Memory controller issues RFM periodically and with back-offs 4 PRAC-Optimistic PRAC-4 with no change in DRAM timing parameters 33

  34. Experimental Results: Performance Overhead and Its Scaling Higher is better Lower is worse 34

  35. Experimental Results: Performance Overhead and Its Scaling 10% PRAC has non-negligible performance overhead (10%) due to increased access latency 35

  36. Experimental Results: Performance Overhead and Its Scaling Graphene and Hydra outperform PRAC at relatively high NRH values 36

  37. Experimental Results: Performance Overhead and Its Scaling Above NRH of 32, PRAC overhead only slightly increases due to timely preventive refreshes Below NRH of 32, PRAC overhead significantly increases due to conservative thresholds against a wave attack 37

  38. Experimental Results: Performance Overhead and Its Scaling PRAC-Optimistic outperforms all evaluated mitigation mechanisms (above NRH of 32) 38

  39. Experimental Results: Performance Overhead and Its Scaling PRFM s system performance overheads significantly increase (by 37x) as NRH decreases 39

  40. Experimental Results: DRAM Energy Overhead and Its Scaling Higher is worse Lower is worse 40

  41. Experimental Results: DRAM Energy Overhead and Its Scaling 18% PRAC has non-negligible DRAM energy overhead (18%) due to increased timing parameters 41

  42. Experimental Results: DRAM Energy Overhead and Its Scaling Above NRH of 32, PRAC overhead only slightly increases due to timely preventive refreshes Below NRH of 32, PRAC overhead significantly increases due to conservative thresholds against a wave attack 42

  43. Experimental Results: DRAM Energy Overhead and Its Scaling 33x PRFM s DRAM energy overhead significantly increase (to 33x) as NRH decreases 43

  44. Outline Background Industry Solutions to Read Disturbance Security Analysis Performance and Energy Evaluation Memory Performance Attacks Conclusion 44

  45. Memory Performance Attacks Access pattern to trigger most back-offs with fewest activations possible by targeting a single row Row Counters Adversarial Access Pattern 0 0 Many Back-Offs Mathematically hogs up to 79% of DRAM throughput of future DRAM chips Degrades system performance by up to 65% (53% on average) 45

  46. More in the Paper Detailed Background More information on PRAC and RFM Security Analysis Threat Model Secure Configurations Evaluation Storage Analysis: PRAC and PRFM incur low storage overheads and scale well with decreasing NRH values Memory Performance Attacks Simulation results between NRH values of 128 and 16 46

  47. More in the Paper https://arxiv.org/abs/2406.19094 47

  48. Open Sourced https://github.com/CMU-SAFARI/ramulator2 48

  49. Outline Background Industry Solutions to Read Disturbance Security Analysis Performance and Energy Evaluation Memory Performance Attacks Conclusion 49

  50. Conclusion Werigorously analyzed and characterized the security and performance implications of recently introduced industry solutions to DRAM read disturbance Mathematical analysis & extensive simulations show that PRAC: provides security as long as no bitflip occurs below 10 activations has non-negligible performance (10%) andenergy (18%) overheads poorly scales for future DRAM chips, leading to significant overheads on performance (49%)and energy (136%) allows memory performance attacks to hog significant amount of DRAM throughput (up to 79% throughput loss) Future work: More research is needed to improve PRAC by reducing the overheads due to increased DRAM timing parameters solving the exacerbated performance impact as NRH decreases stopping preventive refreshes from being exploited by memory performance attacks 50

Related


Overview of Compliance, Quality Assurance, Ethics, and Disciplinary Mechanism in ICAI

Overview of Compliance, Quality Assurance, Ethics, and Disciplinary Mechanism in ICAI

illyria
Role of Security Champions in Organizations

Role of Security Champions in Organizations

irvin
Overview of Ethics, Quality Assurance, and Disciplinary Mechanism in ICAI

Overview of Ethics, Quality Assurance, and Disciplinary Mechanism in ICAI

koa
Proposed Approach for MAC Address Assignment in IEEE 802.11

Proposed Approach for MAC Address Assignment in IEEE 802.11

adlai
Grievance Redress Mechanism: Enhancing Project Efficiency

Grievance Redress Mechanism: Enhancing Project Efficiency

leodis
Roles of a Security Partner

Roles of a Security Partner

zaara
Inter-Agency SEA Community Based Complaints Mechanism in Nigeria

Inter-Agency SEA Community Based Complaints Mechanism in Nigeria

emmitt
Standard Deviation, Variance, and Z-Scores

Standard Deviation, Variance, and Z-Scores

eilis
Comparison of Security Profiles in OpenHIE Registries

Comparison of Security Profiles in OpenHIE Registries

simba
IEEE 802.11-20/1108-00-00be MLO Probe Mechanism in AP MLD

IEEE 802.11-20/1108-00-00be MLO Probe Mechanism in AP MLD

safaa
Acceleration Analysis of Slider Crank Mechanism

Acceleration Analysis of Slider Crank Mechanism

tdev
Warsaw International Mechanism for Loss and Damage: Addressing Climate Change Impacts

Warsaw International Mechanism for Loss and Damage: Addressing Climate Change Impacts

ame_sho
Advancements in Chemical Mechanisms for Aerosol Effects in WRF/Chem Model

Advancements in Chemical Mechanisms for Aerosol Effects in WRF/Chem Model

rami_128
Acknowledgment Mechanism for mmWave Distribution Networks

Acknowledgment Mechanism for mmWave Distribution Networks

getchell_d
The Scotch Yoke Mechanism: Experiment and Analysis

The Scotch Yoke Mechanism: Experiment and Analysis

bice_sal
Intelligent Mechanism Design for Intent-Based Network Resource Reconfiguration

Intelligent Mechanism Design for Intent-Based Network Resource Reconfiguration

frane
Mechanism Design and Auction Theory in Game Economics

Mechanism Design and Auction Theory in Game Economics

abdim
The African Peer Review Mechanism (APRM) and Benin's Progression

The African Peer Review Mechanism (APRM) and Benin's Progression

azbo514
Critique of Transatlantic Trade & Investment Partnership (TTIP) and ISDS Mechanism

Critique of Transatlantic Trade & Investment Partnership (TTIP) and ISDS Mechanism

jzay
Comprehensive DevOps Security Training Overview

Comprehensive DevOps Security Training Overview

jahv_808
Standard Deviation and Standard Error of the Means

Standard Deviation and Standard Error of the Means

jbedo
New Assumptions for Achieving Chosen Ciphertext Security in Cryptography

New Assumptions for Achieving Chosen Ciphertext Security in Cryptography

ktenn

More Related Content